Joplin Security Vulnerabilities and Issues — Joplin CVE List

Lucene search

JoplinappJoplin

5 matches found

CVE•added 2024/11/14 6:15 p.m.•68 views

CVE-2024-49362

Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This v...

9.6CVSS8AI score0.00197EPSS

CVE•added 2022/07/25 9:15 p.m.•55 views

CVE-2022-35131

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.

9CVSS9.2AI score0.1035EPSS

CVE•added 2022/09/30 5:15 p.m.•46 views

CVE-2022-40277

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before pas...

7.8CVSS7.9AI score0.00052EPSS

CVE•added 2024/09/09 3:15 p.m.•46 views

CVE-2024-40643

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "

9.6CVSS9.1AI score0.008EPSS

CVE•added 2021/08/24 8:15 a.m.•44 views

CVE-2021-23431

The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms.

8.8CVSS7.1AI score0.00138EPSS